A Unique way to send emails from hackerone support
I hope all of you have reached out to HackerOne support at some point. If you have support tickets that are solved, you can do something interesting with them: you can send an email from support@hackerone.com to any email address, with any subject and message you want.
The tickets marked as “SOLVED” can be found here:
https://support.hackerone.com/hc/en-us/requests
When you click on any solved ticket, the conversation between you and the HackerOne support employee is displayed. When you scroll to the end of the page, I hope you see something exactly like the image below.
When you click on the “CREATE A FOLLOW-UP” button, it takes you to a form like this:
There are 3 fields here:
– CC option
– Subject
– Message
So I guess it’s simple: all you have to do is write the victim’s email in the CC option and fill out the rest, for example with some phishing links or anything you want to fool the victim.
So basically it is not a vulnerability; the CC option lets us send the notification to any email we want. After digging into it, I figured out that this can be fixed by displaying cc option or these notifications, but H1 won’t agree. But I must say, guys, you should give it a shot and see the email; when I first saw it, it could have tricked me too. It looked like this: